Details of Private Pal Security Features

Private Pal helps, issues, etc.

Details of Private Pal Security Features

Postby Zax » 2011-12-23 4:03

Private Pal aims to create the most secure and flexible app for managing private and import data。

This article will talk about all security designs and related features of Private Pal(PP).

What Makes Private Pal Secure?

1. Screen Auto-Lock

PP locks its screen anytime when you close it, leave it or lock your device. then you need a password for re-open.

Question 1.1 What is special in PP's screen locking?

(i) Unlock password is encrypted with not only the famous AES-256 algorithm, but also PP's private algorithm:"PPRE-1", which makes the your password become random and long before AES-256 encryption. See example of PPRE-1 for more details at the end of the article.

(ii) The storage of your unlock password contains a digital signature with it, which means if anyone had modified, copied, moved, replaced or deleted the stored binary manually, PP would know and will refuse to use. What's more , the signature will be related to all encrypted data in PP, with a check before each data's decryption, PP will know if the data and key is created by the same instance of PP, or copied from other one, or edited by attackers.

(iii) Your unlock password is not used for other data's encryption directly, random generated keys will be used for that, you do not need to worry about setting a longer password for increasing the security but hard to remember. It is much more secure than you can imagine.

(iv) Anyone could only try 5 times of wrong password, then need to wait for one hour for more tries.

(v)You can set a time for "Auto-Lock Interval", if your do not want to to be asked for inputing password so frequently.

2. Multiple Account

You can create more than one account in PP. Each account has its own data, they are completely independent, transparent and equal from one to another.

It is really hard to become really Transparent, but PP did. Which means any one will have no idea about whether or not he/she is login as the super user or not, even though he/she is PP's experienced user. He/she also has no idea about whether or not there are other data that belongs to other user.(This is the main difference from desktop OS's multi-account)

Question 2.1 When should I create multiple accounts?

Multiple accounts could help to hide your key account, could be created for special users, could be used to stop others for trying out your password...
For one or more reasons, you may need more than one account:

(i) When your closed friend, families or big boss ask you for the a password to run your PP in your iPhone, what should you say ? Yes, the password of another account that you've just created besides your own, with only common item in it.

(ii) You lost your iPhone, and the picker is the energetic one, Yes, he will never stop trying out your password although there are only 5 times of chances in one hour, it brings fun for some person, and brings money for business attackers.Create an empty account with password "1234" would help them trying it out easier and dropping their evil ideas faster.

(iii) You have a iPad, and are using it with multiple family members. Such as your business papers, your wife's credit card, and your son's private photos, since you do not want to buy 2 other iPads, creating 3 accounts in PP would help you out to keep each one's privacy separately.

Question 2.2: How to switch between accounts?
When PP is locked, you can login as different user by just inputing different unlock passwords.
When PP is unlocked, go to the "Settings", and choose "Lock Private Pal Now", then unlock with different password.

Question 2.3 How can I transfer data from one account to another on the same device?
Set the item as "Shared", which makes it visible to all accounts.

Question 2.4: How to transfer data between different devices
You can use "Archive/ Import" to exporting all data of "Current Account" to an single file, use iTunes to copy it from one device to another. (see our User Manual for details).

Caution that do NOT transfer data from one account to more than one account on same device. Please notice the "one account only for one account" rule when doing cross-device synchronization.

3.Access Password

PP provide Access Password to protect your very import data, for items with access passwords, users need to input access password after unlocked to see their content.

Question 3.1: Why should I need Access Password besides unlock password?

(i) It might be easy for some one to glimpse your unlock password since you are typing then so frequently.

(ii) You might be afraid that some one would grab your iPhone when you are using PP, then he/she might have the full privilege for access all data except those with access password.

Question 3.2: Will Access Password of a category protect all its sub-itmes?
Sorry but No! in current version of PP, access password for category will only protect the category but none of its sub-items, those sub-items are still visible in search results list, fav list and recents list.

4. Storage Security

Here comes the most important part of PP at last, which is the key difference between PP and other data managing apps: the Security of Storage.

All data saved in PP will be fully encrypted. PP uses not only the famous AES-256, but also its own algorithm called:"PPRE-1" and "PPEE-256" for providing the extremely high security for data encryption.

(i) All photos, videos and imported files will be encrypted using "PPEE-256", each with a random encryption key. Which means even the attacker get the encryption key of one file, other files are still as safe as possible.

About PPEE-256
Unlike other famous algorithms, such as AES, DES etc, "PPEE-256" is much safer towards the most common attacking method: the Brute Force Attack, even with super computers, because the algorithm of PPEE-256 is privately hold by Miocool, and it will never be public.

(ii) The encryption key of above files is generated randomly, with random length and random content, and encrypted with "PPRE-1" and "AES-256". For more details about "PPRE-1", see examples at the end of the article.

(iii)For Simple Text and Multi-line Text content in PP, their data will be encrypted using both PPEE-256 and AES-256, while their key will be encrypted using "PPRE-1" and "AES-256". For other important data such as your unlocking password, your settings of auto-unlock, accounts, wrong password try count, etc., they will all be encrypted using both PPRE-1 and "AES-256".

About PPRE-1

"PPRE-1" is one of Miocool's excellent designs, which will format the data with random length and content, its output is different for each time you call it even with the same input. What's more, PPRE-1 will add a signature to each of the encrypted data, and will read and check them when doing decryption, in order to make sure they have never been edited manually after encrypted.

Here is a example for PPRE-1:

Take password of "123abc" for example, with 6 character, if you have some computer knowledge, you may know:
the original binary is <31 32 33 61 62 63>.

Now we will use PPRE-1 to encrypted the same password for 3 times, and here are the outputs:
1st time: <bce53752 1a519d5b 75317ef4 4664b7e5 97cdb789 0ec58f61 f21bcc41 c43679cf 68>
2st time: <376f19b9 9ee42e5e 15f29a45 e605fecf 5963327b 679ae386 d8>
3st time: <98cfa3dd ce9b0484 da790bc8 35c0e753 2aa924ce ab277101 c77b>

You see the 3 output of PPRE-1 with same input of password "123abc" are totally different from each other,it is really impossible for a attacker to get any idea about the algorithm of PPRE-1 by analyzing its storage data. What's more, these formatted data is always hidden behind the AES-256, the world's most famous and popular encrypting algorithm, which makes us believe that PP could be the most secure app you can ever find and trust, and we are proud of it, and we'll never stop making it better.

Well, It is really hard for reading such a long article without any picture, video or animation, and with the writer's such poor English expression. After all these, I hope you think them deserves all your patience, since they brought you with what you need.

Any further questions, plz contact "support@duweis.com", feel free!

Thanks for your reading.
Zax Zeng
Duwei Technology
User avatar
Zax
★★★★★
 
Posts: 1125
Joined: 2011-07-27 0:54

Return to Private Pal - Forums

cron